{"api_version":"1","generated_at":"2026-04-22T22:49:43+00:00","cve":"CVE-2023-21521","urls":{"html":"https://cve.report/CVE-2023-21521","api":"https://cve.report/api/cve/CVE-2023-21521.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-21521","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-21521"},"summary":{"title":"CVE-2023-21521","description":"An SQL Injection vulnerability in the Management Console  (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.","state":"PUBLIC","assigner":"secure@blackberry.com","published_at":"2023-09-12 19:15:00","updated_at":"2023-11-07 04:06:00"},"problem_types":["CWE-89"],"metrics":[],"references":[{"url":"https://support.blackberry.com/kb/articleDetail?articleNumber=000112406","name":"https://support.blackberry.com/kb/articleDetail?articleNumber=000112406","refsource":"MISC","tags":[],"title":"BSRT-2023-001 Vulnerability in Management Console and Self Service Impact AtHoc Server","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-21521","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-21521","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"21521","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"blackberry","cpe5":"athoc","cpe6":"7.15","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-21521","ASSIGNER":"secure@blackberry.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"\nAn SQL Injection vulnerability in the Management Console  (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.\n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"BlackBerry","product":{"product_data":[{"product_name":"AtHoc","version":{"version_data":[{"version_affected":"=","version_value":"7.15"}]}}]}}]}},"references":{"reference_data":[{"url":"https://support.blackberry.com/kb/articleDetail?articleNumber=000112406","refsource":"MISC","name":"https://support.blackberry.com/kb/articleDetail?articleNumber=000112406"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2023-09-12 19:15:00","lastModifiedDate":"2023-11-07 04:06:00","problem_types":["CWE-89"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.2,"baseSeverity":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:blackberry:athoc:7.15:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}